From 734d85337d22470ed3e77c154c8305149b23fa53 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Wed, 3 Aug 2022 11:44:37 +0200
Subject: [PATCH] new: [sigma] a sigma attribute exists in MISP but the object
 was missing to add some additional meta information.

---
 objects/sigma/definition.json | 47 +++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 objects/sigma/definition.json

diff --git a/objects/sigma/definition.json b/objects/sigma/definition.json
new file mode 100644
index 0000000..d106942
--- /dev/null
+++ b/objects/sigma/definition.json
@@ -0,0 +1,47 @@
+{
+  "attributes": {
+    "comment": {
+      "description": "A description of the Sigma rule.",
+      "misp-attribute": "comment",
+      "ui-priority": 0
+    },
+    "context": {
+      "description": "Context where the Sigma rule can be applied",
+      "disable_correlation": true,
+      "misp-attribute": "text",
+      "multiple": true,
+      "sane_default": [
+        "all",
+        "disk",
+        "memory",
+        "network",
+        "dns"
+      ],
+      "ui-priority": 0
+    },
+    "reference": {
+      "description": "Reference/origin of the Sigma rule.",
+      "misp-attribute": "link",
+      "ui-priority": 0
+    },
+    "sigma": {
+      "description": "Sigma rule.",
+      "misp-attribute": "sigma",
+      "ui-priority": 0
+    },
+    "sigma-rule-name": {
+      "description": "Sigma rule name.",
+      "misp-attribute": "text",
+      "ui-priority": 0
+    }
+  },
+  "description": "An object describing a Sigma rule (or a Sigma rule name).",
+  "meta-category": "misc",
+  "name": "sigma",
+  "requiredOneOf": [
+    "sigma",
+    "sigma-rule-name"
+  ],
+  "uuid": "aa21a3cd-ab2c-442a-9999-a5e6626591ec",
+  "version": 1
+}
\ No newline at end of file